kernel_optimize_test/drivers/crypto/ccp
Connor Kuehl b610281358 crypto: ccp - use file mode for sev ioctl permissions
Instead of using CAP_SYS_ADMIN which is restricted to the root user,
check the file mode for write permissions before executing commands that
can affect the platform. This allows for more fine-grained access
control to the SEV ioctl interface. This would allow a SEV-only user
or group the ability to administer the platform without requiring them
to be root or granting them overly powerful permissions.

For example:

    chown root:root /dev/sev
    chmod 600 /dev/sev
    setfacl -m g:sev:r /dev/sev
    setfacl -m g:sev-admin:rw /dev/sev

In this instance, members of the "sev-admin" group have the ability to
perform all ioctl calls (including the ones that modify platform state).
Members of the "sev" group only have access to the ioctls that do not
modify the platform state.

This also makes opening "/dev/sev" more consistent with how file
descriptors are usually handled. By only checking for CAP_SYS_ADMIN,
the file descriptor could be opened read-only but could still execute
ioctls that modify the platform state. This patch enforces that the file
descriptor is opened with write privileges if it is going to be used to
modify the platform state.

This flexibility is completely opt-in, and if it is not desirable by
the administrator then they do not need to give anyone else access to
/dev/sev.

Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Bandan Das <bsd@redhat.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-12 23:00:15 +11:00
ccp-crypto-aes-cmac.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
ccp-crypto-aes-galois.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
ccp-crypto-aes-xts.c crypto: ccp - switch from ablkcipher to skcipher 2019-11-17 09:02:45 +08:00
ccp-crypto-aes.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
ccp-crypto-des3.c crypto: ccp - switch from ablkcipher to skcipher 2019-11-17 09:02:45 +08:00
ccp-crypto-main.c crypto: ccp - switch from ablkcipher to skcipher 2019-11-17 09:02:45 +08:00
ccp-crypto-rsa.c
ccp-crypto-sha.c crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
ccp-crypto.h crypto: ccp - switch from ablkcipher to skcipher 2019-11-17 09:02:45 +08:00
ccp-debugfs.c
ccp-dev-v3.c crypto: ccp - set max RSA modulus size for v3 platform devices as well 2019-12-11 16:36:55 +08:00
ccp-dev-v5.c crypto: ccp - Verify access to device registers before initializing 2019-10-26 02:09:59 +11:00
ccp-dev.c crypto: ccp - Change a message to reflect status instead of failure 2019-10-26 02:09:59 +11:00
ccp-dev.h
ccp-dmaengine.c crypto: ccp - fix uninitialized list head 2019-10-26 02:10:00 +11:00
ccp-ops.c
Kconfig crypto: skcipher - rename the crypto_blkcipher module and kconfig option 2019-11-01 13:42:47 +08:00
Makefile crypto: ccp - add TEE support for Raven Ridge 2019-12-20 14:58:32 +08:00
psp-dev.c crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() 2020-03-12 23:00:12 +11:00
psp-dev.h crypto: ccp - add TEE support for Raven Ridge 2019-12-20 14:58:32 +08:00
sev-dev.c crypto: ccp - use file mode for sev ioctl permissions 2020-03-12 23:00:15 +11:00
sev-dev.h crypto: ccp - move SEV vdata to a dedicated data structure 2019-12-20 14:58:32 +08:00
sp-dev.c
sp-dev.h crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() 2020-03-12 23:00:12 +11:00
sp-pci.c crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() 2020-03-12 23:00:12 +11:00
sp-platform.c
tee-dev.c tee: amdtee: check TEE status during driver initialization 2020-01-04 13:49:51 +08:00
tee-dev.h crypto: ccp - provide in-kernel API to submit TEE commands 2019-12-20 14:58:32 +08:00